Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
AW: [suse-security] Linux/Slapper.worm
  • From: "Ulrich Roth" <Roth@xxxxxxxxx>
  • Date: Thu, 19 Sep 2002 10:56:58 +0200
  • Message-id: <047D33E9F294624A972F6A6325C993C204A531@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Hello Joachim,

> Mod_SSL or OpenSSL ? I don´t unterstand this ??
> OpenSSL is standalone application !
> SSL with Apache works only with file /usr/lib/apache/libssl.so
> SSL with Apache works only with file /usr/lib/apache/libcrypto.so
> Apache doesn´t work with /usr/sbin/openssl
> libssl.so is included in mod_ssl.rpm package !
> I can´t find any ssl version of 0.9.6.e or 0.9.6.g
> this is recommended of securityfocus.com
>
> I was compiled a new OpenSSL after restart apache works again
> the old vulnerable version of openssl.
On one hand openssl is a standalone application, on the other hand
there is the openssl module for apache.
What you need is the new version of the apache module. If you have it,
copy it into the libexec directory.
How do you get it?
Either as an rpm package, or a tarred version, or maybe it's possible
to compile only the apache module from the openssl sources, I don't
know.
As I use a self compiled apache, I also recompiled apache, and apache
built the new ssl module by itself from the openssl source directory.
Bye
Uli
--
Ulrich Roth
IMPACT Business & Technology Consulting GmbH
Im Mediapark 8 / KölnTurm
D-50670 Koeln
Phone +49-221-93 70 80-29
Fax +49-221-93 70 80-15
E-Mail: roth@xxxxxxxxx

< Previous Next >
This Thread
Follow Ups